If you're using the open source version of OSSIM, you could replace the default version with the latest OSSEC version.
OSSIM integrates with OSSEC through a "plugin" mechanism. Basically it is a config file that tells OSSIM how to handle alerts generated out of OSSIM. The plugin file is in /etc/ossim/agent/plugins/ossec.cfg. There is quite a bit of mapping rules between OSSEC and OSSIM, so you probably need to update some of that when upgrading OSSEC.

On Wed, Apr 11, 2012 at 2:14 PM, Qasim Ijaz <[email protected]> wrote:
> How integrated is OSSEC in OSSIM? What if you installed a new version of
> OSSEC only? Would it update OSSEC-OSSIM?
>
>
> On Tuesday, April 10, 2012 10:10:10 AM UTC-4, Christopher Moraes wrote:
>>
>> I second this. At our company, we started out using OSSEC and now are
>> moving to OSSIM to get the web GUI and reporting. OSSIM integrates with
>> OSSEC very well and all the work we put into creating rules and decoders
>> for OSSEC can be reused without any change.
>>
>> The only thing is the current version of OSSIM is still on OSSEC version
>> 2.5.1.
>>
>>
>> On Mon, Apr 9, 2012 at 5:40 PM, Jaime Blasco <[email protected]> wrote:
>>
>>> You can take a look at Ossim. We put some basic management stuff for
>>> Ossec also.
>>>
>>> http://communities.alienvault.com/community
>>>
>>> Best Regards
>>>
>>> On Mon, Apr 9, 2012 at 2:27 PM, Qasim Ijaz <[email protected]> wrote:
>>>
>>>> I'll try those. Thanks Dan.
>>>>
>>>>
>>>> On Monday, April 9, 2012 4:02:14 PM UTC-5, dan (ddpbsd) wrote:
>>>>>
>>>>> They aren't OSSEC specific, and can't do a bunch of OSSEC specific
>>>>> things, but I like Graylog2 and logstash.
>>>>>
>>>>> On Mon, Apr 9, 2012 at 4:26 PM, Qasim Ijaz <[email protected]> wrote:
>>>>> > I have used OSSEC WUI and SPLUNK. I love detail in OSSEC WUI but i'd like
>>>>> > graphs. Splunk is expensive. Any alternatives guys?
>>>>>
>>>>
>>>
>>>
>>> --
>>> _______________________________
>>>
>>> Jaime Blasco
>>>
>>> AlienVault Labs Manager
>>>
>>> www.ossim.com
>>> labs.alienvault.com
>>> Email: [email protected]
>>>
>>> http://twitter.com/jaimeblascob
>>>
>>
